Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
189s -
max time network
260s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25/11/2022, 19:26 UTC
General
-
Target
市政工程表格/市政资料/007.xls
-
Size
17KB
-
MD5
71ad8573c09317468457b2ef3838a4bc
-
SHA1
2d7d207e5e16dd1154e6f631d8e4f7b69a23278f
-
SHA256
39074c98a618dd2bd7d7aac3481ef8e55f65f18c124c1a66996e3cbd232aca37
-
SHA512
7b2b352800c125af4a6a75de90350a51b048f71c728f7375bc8a1ee34c76384d8251d72d8eafa18adb476a1ea7b55842e9f584b3c172eb30876857e5e9639822
-
SSDEEP
192:EDbp4p4p4p4yLa/R2+SsS4gwztz+48U1N5OHs9VT:G2222yLa/R234xX8GN5OHY
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\市政工程表格\市政资料\007.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
-
DNS97.97.242.52.in-addr.arpaRemote address:8.8.8.8:53Request97.97.242.52.in-addr.arpaIN PTRResponse
-
104.80.225.205:443
-
178.79.208.1:80
-
178.79.208.1:80
-
20.42.65.84:443
-
8.8.8.8:5397.97.242.52.in-addr.arpadns
DNS Request
97.97.242.52.in-addr.arpa
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB